1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864

Analysis

max time kernel
148s
max time network
149s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
13/10/2024, 08:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
Size

57KB
MD5

766d13e52ec239528db092c98036cf9e
SHA1

a4440805279305960c7ce6fada0cab758b21e9fd
SHA256

1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864
SHA512

ba0d91c83947af9abc6b26769a50db480204a1dde52f10478f88e7b1c9b12d9608ab373c03a8f82d995e5a5c323bc753467935efcbea80e6bcc0c3e95d434bdd
SSDEEP

1536:bxlKAMJTgLd2og1nKJyAL1KWoPWPpDGmf9awven5:bxunu35/oGpim4Gen5

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
637	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 4 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	bash	638	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
Changes the process name, possibly in an attempt to hide itself	nginx	639	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
Changes the process name, possibly in an attempt to hide itself	inetd	640	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
Changes the process name, possibly in an attempt to hide itself	sshd	641	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/5/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/17/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/19/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/223/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/632/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/634/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/12/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/23/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/43/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/161/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/170/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/591/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/774/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/20/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/22/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/748/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/762/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/276/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/630/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/646/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/10/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/14/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/16/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/27/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/152/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/278/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/770/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/28/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/571/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/754/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/9/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/753/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/756/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/758/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/42/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/138/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/306/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/629/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/760/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/2/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/8/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/274/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/640/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/4/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/6/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/81/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/112/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/149/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/746/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/764/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/7/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/15/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/18/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/26/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/103/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/292/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/592/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/3/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/13/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/318/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/588/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/768/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/11/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
File opened for reading	/proc/24/cmdline	1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf

/tmp/1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
/tmp/1485c22eb03f1e8e50b2ba4d6a5fdfd22cb4214b585e04929e670c4bfdeda864.elf
1⤵
- Deletes itself
- Changes its process name
- Reads runtime system information
PID:637

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads